Vulnwatch: ZH2004-13SA (security advisory): Sql Injection in Help Desp Pro 2.0

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnwatch mailing list archives

ZH2004-13SA (security advisory): Sql Injection in Help Desp Pro 2.0

From: "D'Amato Luigi" <luigidamato77 () yahoo it>
Date: Sat, 26 Jun 2004 14:03:40 +0100

26/06/2004

ZH2004-10SA (security advisory): Sql Injection in Help Desp Pro 2.0
Discovered: June 1st 2004

Vendor contacted: June 1st 2004
Published: June 26th 2004

Title: Help Desk Pro

Vulnerable versions :2.0 unpatched

Type: Sql Injection

Author: D'Amato Luigi from Zone-h Security Labs -
securitywireless () zone-h it - admin () securitywireless info

Vendor: http://www.websoft.it/


Description

**********
Zone-H Security Team has discovered a flaw in Securityin Help Desk Pro. This
vulnerability could allow malicious
attackers to bypass the authentication mechanish without having an account

Detail

********************************************

Due to an improper login validation in the login page it is possible to
bypass the authentication mechanism

Solution

**********

The vendor has been contacted and has released a patch


--- 

D'Amato Luigi from Zone-h Security Labs -
securitywireless () zone-h it -
admin () securitywireless info
Admin Security Wireless
http://www.securitywireless.info

http://www.zone-h.org/en/advisories/read/id=4891/

By Date By Thread

Current thread:

@stake: AppleFileServer Remote Command Execution @stake Advisories (May 03)
- ZH2004-13SA (security advisory): Sql Injection in Help Desp Pro 2.0 D'Amato Luigi (Jun 26)